<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Linker crashes attempting to patch relocation with invalid offset"
   href="https://bugs.llvm.org/show_bug.cgi?id=46981">46981</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Linker crashes attempting to patch relocation with invalid offset
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>lld
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Windows NT
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>ELF
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>jh7370.2008@my.bristol.ac.uk
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org, smithp352@googlemail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I ran into this after accidentally creating an ELF with a relocation with an
r_offset which pointed way beyond the end of the file. Here's a simple
reproducible:

--- !ELF
FileHeader:
  Class:   ELFCLASS64
  Data:    ELFDATA2LSB
  Type:    ET_REL
  Machine: EM_X86_64
Sections:
  - Name: .foo
    Type: SHT_PROGBITS
    Flags: []
    Size: 0x100
  - Name: .rela.foo
    Type: SHT_RELA
    Info: .foo
    Relocations:
      - Type: R_X86_64_64
        Offset: 0xffffffff
        Symbol: .foo
Symbols:
  - Name: .foo
    Type: STT_SECTION
    Section: .foo

PS C:\Work\TempWork> C:\llvm\build\Debug\bin\yaml2obj.exe test.yaml -o test.o
PS C:\Work\TempWork> C:\llvm\build\Debug\bin\ld.lld.exe test.o -o test.elf
&lt;crash&gt;

Obviously, my input is broken, so I don't expect the linker to succeed. It
should however not crash.

Relatedly, if the offset is smaller, but still not within the range of the
patched section (e.g. r_offset = 0x101 in the above example), the link appears
to succeed. I have no idea what is patched in that case. The link should fail
with an error if attempting to write outside the range of the section.</pre>
        </div>
      </p>
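      <p>Added example, not part of the bug report and not lld's code: a bounds check of the kind the report asks for, applied before an 8-byte R_X86_64_64 patch is written into a section buffer. The function names and the sample offsets are assumptions made for illustration; the 0x100 section size and the 0xffffffff and 0x101 offsets come from the report.</p>

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define R64_WIDTH 8u /* R_X86_64_64 patches an 8-byte field */

/* True only if [r_offset, r_offset + width) lies inside the section.
 * Written as a subtraction so that r_offset + width can never wrap. */
bool patch_in_bounds(uint64_t r_offset, uint64_t width, uint64_t sec_size)
{
    return width <= sec_size && r_offset <= sec_size - width;
}

/* Hypothetical helper: write value little-endian at r_offset.
 * Returns -1 and leaves buf untouched when the patch would not fit. */
int apply_reloc64(uint8_t *buf, uint64_t sec_size, uint64_t r_offset,
                  uint64_t value)
{
    if (!patch_in_bounds(r_offset, R64_WIDTH, sec_size)) {
        fprintf(stderr,
                "error: relocation offset 0x%llx out of range for section "
                "of size 0x%llx\n",
                (unsigned long long)r_offset, (unsigned long long)sec_size);
        return -1;
    }
    for (unsigned i = 0; i < R64_WIDTH; i++)
        buf[r_offset + i] = (uint8_t)(value >> (8 * i));
    return 0;
}

/* Constructed inputs: the two offsets from the report, one that straddles
 * the end of the section, the last valid offset, and one that would wrap. */
int demo_rejected(void)
{
    static const uint64_t offsets[] = {0xffffffff, 0x101, 0xf9, 0xf8,
                                       UINT64_MAX};
    uint8_t foo[0x100] = {0}; /* stands in for .foo, Size: 0x100 */
    int rejected = 0;
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++)
        if (apply_reloc64(foo, sizeof foo, offsets[i],
                          0x1122334455667788ULL) != 0)
            rejected++;
    return rejected;
}

int main(void) { printf("rejected %d of 5\n", demo_rejected()); return 0; }
```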


    </body>
</html>